× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 69f448e4edeacd9bd519feed16938a8082c605899b4eaefc7f3494553a2662a2
File name: wukonakigdop.exe.vir
Detection ratio: 28 / 46
Analysis date: 2013-05-16 15:26:33 UTC ( 11 months, 1 week ago ) View latest
Antivirus Result Update
AVG Win32/Cryptor 20130516
Agnitum Backdoor.Pushdo!feG0QLb/a3E 20130516
AntiVir TR/Dropper.Gen 20130516
Avast Win32:Malware-gen 20130516
BitDefender Gen:Variant.Kazy.172451 20130516
Comodo UnclassifiedMalware 20130516
DrWeb BackDoor.Bulknet.893 20130516
ESET-NOD32 Win32/Wigon.PH 20130516
Emsisoft Trojan.Win32.Wigon.AMN (A) 20130516
F-Secure Gen:Variant.Kazy.172451 20130516
Fortinet W32/Pushdo.PH!tr.bdr 20130516
GData Gen:Variant.Kazy.172451 20130516
Ikarus Virus.Win32.Cryptor 20130516
Kaspersky Backdoor.Win32.Pushdo.qbz 20130516
Kingsoft Win32.Hack.Pushdo.q.(kcloud) 20130506
Malwarebytes Trojan.Agent.RRE 20130516
McAfee Cutwail-FBVJ!6C5A8C0AF08B 20130516
McAfee-GW-Edition Cutwail-FBVJ!6C5A8C0AF08B 20130516
MicroWorld-eScan Gen:Variant.Kazy.172451 20130516
Norman Suspicious_Gen4.DVYCO 20130516
PCTools Malware.Pilleuz!rem 20130516
Panda Trj/Genetic.gen 20130516
Symantec W32.Pilleuz 20130516
TheHacker Trojan/Wigon.ph 20130516
TrendMicro TROJ_GEN.RCBB1EA 20130516
TrendMicro-HouseCall TROJ_GEN.RCBB1EA 20130516
VIPRE Trojan.Win32.Generic!BT 20130516
nProtect Backdoor/W32.Pushdo.37888.E 20130516
AhnLab-V3 20130516
Antiy-AVL 20130516
ByteHero 20130513
CAT-QuickHeal 20130516
ClamAV 20130516
Commtouch 20130516
F-Prot 20130516
Jiangmin 20130516
K7AntiVirus 20130515
K7GW 20130515
Microsoft 20130516
NANO-Antivirus 20130516
SUPERAntiSpyware 20130516
Sophos 20130516
TotalDefense 20130516
VBA32 20130515
ViRobot 20130516
eSafe 20130513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-09-06 23:43:57
Link date 12:43 AM 9/7/2007
Entry Point 0x00001235
Number of sections 4
PE sections
PE imports
CreateDCA
GetProcAddress
GetModuleHandleA
GetVersion
MessageBoxA
Number of PE resources by type
RT_DIALOG 2
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
35840

ImageVersion
0.0

ProductName
IMMSIM++

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
5.12

OriginalFilename
immsim++

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1, 0, 0, 0

TimeStamp
2007:09:07 00:43:57+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
immsim++

FileAccessDate
2013:05:24 11:06:25+01:00

ProductVersion
1, 0, 0, 0

FileDescription
Immune System Simulator

OSVersion
4.0

FileCreateDate
2013:05:24 11:06:25+01:00

FileOS
Win32

LegalCopyright
Copyright 1998

MachineType
Intel 386 or later, and compatibles

CompanyName
Steven Kleinstein

CodeSize
1024

FileSubtype
0

ProductVersionNumber
1.0.0.0

EntryPoint
0x1235

ObjectFileType
Executable application

File identification
MD5 6c5a8c0af08b69ef2206324a0a5fe35a
SHA1 f34272192c4ed4ea5b9efd24fa2711107e8b3fd0
SHA256 69f448e4edeacd9bd519feed16938a8082c605899b4eaefc7f3494553a2662a2
ssdeep
768:OOazPrS1arJn6NBTIzEGM9nCOsyJzkpF51nx2Dp:9azPrTRUUxM9nCLcD

File size 37.0 KB ( 37888 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
Clipper DOS Executable (11.7%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2013-05-09 16:15:30 UTC ( 11 months, 2 weeks ago )
Last submission 2013-07-19 18:31:26 UTC ( 9 months ago )
File names 6c5a8c0af08b69ef2206324a0a5fe35a
wukonakigdop.exe.vir
6c5a8c0af08b69ef2206324a0a5fe35a
vti-rescan
wukonakigdop.exe
exp3A3.tmp.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Set keys
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications